Firewall

In this new blog post series I’ll be looking at (normally a selection of 3) cool articles, news and other blog posts that I find interesting during the day. For this week we have PowerShell tricks, a detailed article on securing the Windows Firewall and an (old but very interesting) write-up on the woes of network administrators when everything goes wrong.

PowerShell tricks: Splatting
New to me (always learning!), this trick allows you to populate the parameters for a PowerShell cmdlet in a hash table (which makes for much neater formatting) and then pass them into the cmdlet as a single object.

Endpoint Isolation with the Windows Firewall
The Windows Firewall may seem like a bit of a beast from time to time but this article makes some great points on how to build out a set of secure policies that can apply to pretty much any environment.

All systems down
A true disaster story – quite old (2003) but really worth a read to see what lessons you can take home.

Bit of a crazy issue when deploying a new Ruckus wireless network – after first suspecting an issue with the controller software or perhaps some kind of access control list blocking traffic, it turns out that the default Windows Firewall rule for allowing NPS traffic is broken in some fashion.

Having tried this (and it working fine) on Windows Server 2012 R2/2016, it really does appear to be isolated to Server 2019.

Discovering this came about with a few traffic captures combined with the wonderful NTRadPing tool. The fix is to manually create the rule; see the screenshots below on how to do this.
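
One way to script the manual rule instead of clicking through the GUI, using the splatting trick covered earlier on this page. This is an added example, not from the original post: the rule name, the standard RADIUS ports (UDP 1812 for authentication, 1813 for accounting), the Domain profile and the client address 192.0.2.10 are all assumptions to adjust for your environment.

```powershell
#Requires -RunAsAdministrator
# Added example: replacement inbound rule for NPS (RADIUS) traffic.
# Everything below marked "assumption" is illustrative, not from the post.

$ruleName      = 'NPS RADIUS UDP-In (manual)'   # assumption: hypothetical display name
$radiusClients = @('192.0.2.10')                # assumption: constructed address of the
                                                # wireless controller / APs acting as RADIUS clients

# Splatting: collect the parameters in a hash table, then pass it with @ instead of $.
$ruleParams = @{
    DisplayName   = $ruleName
    Description   = 'Manually created allow rule for RADIUS authentication and accounting'
    Direction     = 'Inbound'
    Action        = 'Allow'
    Protocol      = 'UDP'
    LocalPort     = 1812, 1813       # assumption: standard RADIUS ports
    RemoteAddress = $radiusClients   # only the RADIUS clients, not Any
    Profile       = 'Domain'         # assumption: server sits on the Domain profile
    Enabled       = 'True'
}

# Idempotent: update the scope if the rule already exists, otherwise create it.
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress $radiusClients -Enabled True
} else {
    New-NetFirewallRule @ruleParams | Out-Null
}

# Verify what was actually applied: ports and allowed source addresses.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$rule | Get-NetFirewallPortFilter    | Select-Object Protocol, LocalPort
$rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

Scoping `RemoteAddress` to the RADIUS clients keeps the rule no wider than the traffic NPS actually needs to receive.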

Always remember to save your config!

As part of my new job I’ve taken on the management of a Palo Alto PA-3020; on my list of things to do…update the software/firmware on it. The update process itself is pretty simple in that you identify the version you are going to update to, download it, install it and then reboot the firewall at a time that will cause the least disruption to your users.

It will also be worth taking a save of your current running configuration – this can be done by going to Device > Setup > Operations, saving a named configuration snapshot and then exporting it.

At first glance there does not seem to be a way to schedule the reboot (for say 3am – something I particularly liked on my Smoothwall firewall) so for the time being I’ll have to deal with late night reboots.

Anyway, the good bit! Upgrading from 6.0.6 to 6.1.0 took 4 minutes; upgrading from 6.1.0 to 6.1.5 then took 5 minutes 30 seconds.

For more information on the upgrade process from Palo Alto themselves visit this link – https://live.paloaltonetworks.com/docs/DOC-2092.

14/11/2018 Update

It’s firmware update time again, this time going from 7.1.14 to 7.1.21. From pressing restart it took about 2 minutes 25 seconds for a ping to the firewall’s management interface to come back, 4 minutes 20 seconds for the web interface to come back and then 5 minutes 25 seconds (in total) for internet connectivity to be restored.